/*
package com..common.filter;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.io.IOUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import com..common.utils.StringUtils;
import com..common.utils.html.EscapeUtil;

*/
/**
 * XSS过滤处理
 * 
 * @author
 *//*

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
{
    */
/**
     * @param request
     *//*

    public XssHttpServletRequestWrapper(HttpServletRequest request)
    {
        super(request);
    }

    @Override
    public String[] getParameterValues(String name)
    {
        String[] values = super.getParameterValues(name);
        if (values != null)
        {
            int length = values.length;
            String[] escapesValues = new String[length];
            for (int i = 0; i < length; i++)
            {
                // 防xss攻击和过滤前后空格
                escapesValues[i] = EscapeUtil.clean(values[i]).trim();
            }
            return escapesValues;
        }
        return super.getParameterValues(name);
    }

    @Override
    public ServletInputStream getInputStream() throws IOException
    {
        System.out.println("22222222222222222");
        // 非json类型，直接返回
        if (!isJsonRequest())
        {
            return super.getInputStream();
        }

        // 为空，直接返回
        String json = IOUtils.toString(super.getInputStream(), "utf-8");
        if (StringUtils.isEmpty(json))
        {
            return super.getInputStream();
        }

        // xss过滤
        json = EscapeUtil.clean(json).trim();
        byte[] jsonBytes = json.getBytes("utf-8");
        final ByteArrayInputStream bis = new ByteArrayInputStream(jsonBytes);
        return new ServletInputStream()
        {
            @Override
            public boolean isFinished()
            {
                return true;
            }

            @Override
            public boolean isReady()
            {
                return true;
            }

            @Override
            public int available() throws IOException
            {
                return jsonBytes.length;
            }

            @Override
            public void setReadListener(ReadListener readListener)
            {
            }

            @Override
            public int read() throws IOException
            {
                return bis.read();
            }
        };
    }

    */
/**
     * 是否是Json请求
     * 
     * @param request
     *//*

    public boolean isJsonRequest()
    {
        String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
        System.out.println("11111111111111111111");
        return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
    }
}*/
package com.ahms.common.filter;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;

import java.util.regex.Pattern;

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    // 匹配危险脚本标签的正则表达式
    private static final Pattern SCRIPT_TAG_PATTERN = Pattern.compile("<(script|style)(\\s+[^>]*)?>.*?</\\1>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    // 匹配危险事件属性的正则表达式
    private static final Pattern EVENT_ATTRIBUTE_PATTERN = Pattern.compile("(on\\w+)\\s*=\\s*['\"]?[^'\">]*['\"]?", Pattern.CASE_INSENSITIVE);

    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String[] getParameterValues(String parameter) {
        String[] values = super.getParameterValues(parameter);
        if (values == null) {
            return null;
        }
        int count = values.length;
        String[] encodedValues = new String[count];
        for (int i = 0; i < count; i++) {
            encodedValues[i] = xssEncode(values[i]);
        }
        return encodedValues;
    }

    @Override
    public String getParameter(String parameter) {
        String value = super.getParameter(parameter);
        if (value == null) {
            return null;
        }
        return xssEncode(value);
    }

    private String xssEncode(String input) {
        if (input == null) {
            return null;
        }
        // 移除危险脚本标签
        String filtered = SCRIPT_TAG_PATTERN.matcher(input).replaceAll("");
        // 移除危险事件属性
        filtered = EVENT_ATTRIBUTE_PATTERN.matcher(filtered).replaceAll("");
        return filtered;
    }
}